Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '7H7FNCNP7A' = '%APPDATA%\dl0F2SspiS.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '7H7FNCNP7A' = '%APPDATA%\dl0F2SspiS.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\dl0F2SspiS.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\dl0F2SspiS.exe.lnk
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoLogOff' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoChangeStartMenu' = '00000000'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000000'
- %HOMEPATH%\AppData\Roaming\semtitulo.cur
- %APPDATA%\link1.cur
- %APPDATA%\select1.cur
- %HOMEPATH%\AppData\Roaming\link1.cur
- %HOMEPATH%\AppData\Roaming\select1.cur
- %HOMEPATH%\AppData\Roaming\arrow1.cur
- %APPDATA%\dl0F2SspiS.exe
- %APPDATA%\winup00.dat
- %APPDATA%\mp6.txt
- %APPDATA%\arrow1.cur
- %APPDATA%\semtitulo.cur
- %APPDATA%\date.dat
- 'br####gramas.com.br':80
- 'www.me####erecoip.com':80
- 'me##p.eu':80
- http://www.me####erecoip.com/
- http://me##p.eu/
- http://br####gramas.com.br/css/menutop/images/graph.php
- DNS ASK br####gramas.com.br
- DNS ASK www.me####erecoip.com
- DNS ASK me##p.eu